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DETAILED ACTION 

1 . A response was received on 1 9 January 2007. By this response, Claims 1 , 8, 
and 9 have been amended. Claims 18-20 have been canceled. No new claims have 
been added. Claims 1-14 are currently pending in the present application. 

Response to Arguments 

2. Applicant's arguments filed 19 January 2007 have been fully considered but they 
are not persuasive. 

Regarding the rejection of Claims 9-14 under 35 U.S.C. 101 as directed to non- 
statutory subject matter, Applicant asserts that the amendments to Claim 9 render the - 
claims statutory (page 5 of the present response). The Examiner respectfully 
disagrees. First, the Examiner notes that there does not appear to be sufficient written 
description in the present specification for the added limitation that the claimed 
machine-accessible medium is "tangible". Second, the Examiner notes that the claim 
as amended, particularly the limitation of "tangible machine-accessible medium" would 
still appear to encompass, for example, paper having the computer code written 
thereon. Specifically, paper is a "medium" that could be "accessible" by a "machine" 
such as an optical scanner; further, paper is a "tangible" medium. However, code on 
paper does not clearly provide a medium that allows a machine to execute the 
instructions listed in the code. Code on paper constitutes, at best, functional descriptive 



Application/Control Number: 10/022,592 Page 3 

Art Unit: 2137 

material perse, which is not considered to be statutory subject matter. When a claim 
encompasses non-statutory embodiments, the claim as a whole is considered to be 
directed to non-statutory subject matter. See MPEP § 2106.01. 

Further, the Examiner again notes the use in MPEP § 2106.01 of the term 
"computer-readable medium". 

Regarding the rejection of Claim 8 under 35 U.S.C. 1 12, second paragraph, as 
indefinite, Applicant asserts that the amendment to the claim "directly addresses the 
Examiner's concerns" set forth in the previous Office action. However, the Examiner 
respectfully disagrees. In particular, the previous Office action explicitly noted that there 
was insufficient antecedent basis for the limitation "the client not providing the at least 
one first certificate" in the claims; however, Applicant has not addressed or 
acknowledged this issue in the present response. Further, the amendment merely adds 
the phrase "the revoking of the third party's ability to use the at least one first certificate" 
in place of merely "the revoking" (in lines 3-4 of the claim); however, this does not 
provide any clarification because the claim already recited that the revoking was of the 
third party's ability to use the at least one first certificate in lines 2-3 of the claim. The 
Examiner again notes that although the specification provides support for the client not 
providing the certificate, it does not clearly provide support for or describe all possible 
ways of revoking the third party's ability to use the first certificate. Further, although the 
specification says that not providing the certificate "effectively revokes" the privilege, this 
seems to contradict the more common definition of revoking a certificate, where only the 
issuer is able to revoke a certificate. The Examiner again notes that, as claimed, the 
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client revokes the use of a certificate, but the client is not the issuer of the certificate; 
rather, it is the authorizer that is the issuer. 

Claims 1-9 and 12-14 were rejected under 35 U.S.C. 102(e) as anticipated by 
McGarvey, US Patent 6643774. Claim 10 was rejected under 35 U.S.C. 103(a) as 
unpatentable over McGarvey in view of Eastlake et al, "XML-Signature Syntax and 
Processing". Claim 1 1 was rejected under 35 U.S.C. 103(a) as unpatentable over 
McGarvey in view of Ellison et al, "SPKI Certificate Theory". 

Regarding the prior art rejections, and specifically regarding the rejections of 
independent Claims 1 and 9, Applicant argues that the amendments to the claims, with 
the addition of the phrase "directly in response to the authorizer accessing the universal 
resource identifier", specifically the language "directly in response to", distinguish the 
claims from McGarvey. The Examiner respectfully disagrees. First, the Examiner notes 
that there does not appear to be sufficient written description in the specification for the 
added limitation that the provision of the first certificate is "directly in response to" the 
authorizer accessing the URI. Second, there does not appear to be a significant 
distinction drawn between providing the certificate "upon" the authorizer accessing the 
URI as opposed to providing the certificate "directly in response to" accessing the URI. 
Clearly, the term "upon" in this context would mean that the certificate is provided at the 
conclusion of or after the authorizer accessing the URI; it appears that "in response to" 
would have the same meaning, and that the use of the modifier "directly" would only 
amplify that the provision is performed immediately following the accessing. Applicant 
argues that the amendment "rules out the scenario of McGarvey where the third party 
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receives the certificate and then forwards it on" (page 6 of the present response); 
however, the Examiner does not believe this to be the case. There appears to be 
nothing in the phrase "directly in response to" that limits the manner in which the 
certificate is provided; the phrase only appears to limit the time frame in which it is 
provided. This is further borne out by the description in McGarvey where forwarding the 
certificate is used as a synonym for "tunneling" (see McGarvey, column 11, lines 54-55), 
where tunneling is suggestive that it the actual transmission or provision of the 
certificate is at base between the client and the private key system, corresponding to 
the claimed authorizer (column 11, lines 61-66, for example). 

Therefore, for the reasons detailed above, the Examiner maintains the rejections 
as set forth below. 

Specification 

3. The specification is objected to as failing to provide proper antecedent basis for 
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01 (o). Correction 
of the following is required: The specification does not provide proper antecedent basis 
for the limitation in amended Claims 1 and 9 that the at least one first certificate is 
provided "directly in response to" the authorizer accessing the URI. The specification 
also does not provide proper antecedent basis for the added limitation in Claim 9 that 
the machine-accessible medium is "tangible". See below regarding the rejection under 
35 U.S.C. 112, first paragraph. 
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Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 9-14 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

Claims 9-14 are directed to a "tangible machine-accessible medium" including a 
computer program ("instructions") for performing method steps. The term "machine- 
accessible medium" is broad enough to encompass, for example, a computer program 
written on paper, noting that paper is a tangible medium. This is a computer program or 
data structure perse. Functional descriptive material such as a computer program per 
se that is not embodied in a computer readable medium is not statutory subject matter. 
See MPEP§ 2106.01 I. 

Claim Rejections - 35 USC §112 

6. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

7. Claims 1-14 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter 
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that was not described in the specification in such a way as to reasonably convey to one 
skilled in the relevant art that the inventor(s), at the time the application was filed, had 
possession of the claimed invention. 

Specifically, Claims 1 and 9 have been amended to recite the limitation 
"providing, by the client to the authorizer, the first certificate, directly in response to the 
authorizer accessing the universal resource identifier". There is not sufficient written 
description for the claimed subject matter, in particular, the newly added limitation that 
the provision is "directly in response to" the authorizer accessing the URI. Although the 
claims previously recited "upon" and there does not appear to be a specific distinction 
drawn between "upon" and "directly in response to" (as noted above), it appears from 
Applicant's arguments regarding the prior art rejections (see page 6 of the present 
response) that a distinction was intended. However, it is not clear from the specification 
what such a distinction would be. 

Additionally, Claim 9 has been amended to recite the limitation "tangible 
machine-accessible medium". There is not sufficient written description for the claimed 
subject matter, particularly the newly added term "tangible". The term does not appear 
in the present specification; further, there is nothing that clearly suggests or defines the 
claimed "machine-accessible medium" as anything other than the plain meaning of the 
words. 

Claims not specifically referred to above are rejected due to their dependence on 
a rejected base claim. 
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8. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

9. Claims 1-14 rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Claims 1 and 9 recite the limitation "providing, by the client to the authorizer, the 
first certificate, directly in response to the authorizer accessing the universal resource 
identifier". The use of the term "directly" is generally unclear, as it is a relative term, and 
it is not clear exactly how it is intended to modify the phrase "in response to". It appears 
that it may be intended to mean "immediately"; however, there is nothing in the 
specification to explicitly support such an interpretation, nor is there any clear guidance 
provided in the specification as to how the term is intended to be interpreted. 

Claim 8 recites the limitation "the client not providing the at least one first 
certificate". There is insufficient antecedent basis for this limitation in the claims; 
although there is a client, there is no mention of a client not providing the at least one 
first certificate. Further, the limitation is generally vague. Additionally, the claim recites 
"revoking, by the client, the third party's ability to use the at least one first certificate"; 
however, by the art-accepted definition of the term, a certificate, or the use thereof, can 
only be revoked by the issuer, and the client is not the issuer of the first certificate(s). 
Rather, the authorizer is the issuer, and therefore, the client would not be able to revoke 
the first certificate(s). This contradiction further renders the claim indefinite. 
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Claims not specifically referred to above are rejected due to their dependence on 
a rejected base claim. 

Claim Rejections - 35 USC § 102 

1 0. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

1 1 . Claims 1-9 and 12-14 are rejected under 35 U.S.C. 102(e) as being anticipated 
by McGarvey, US Patent 6643774. 

In reference to Claim 1, McGarvey discloses a method including a client storing a 
first certificate from an authorizer, the client storing a URI associated with the first 
certificate and a third party, the client providing a certificate and the URI to the third 
party (see column 12, lines 22-26), and the client providing the first certificate to the 
authorizer in response to the authorizer accessing the URI, in which the client retains 
control over the third party's use of the first certificate (see Figures 3 and 8, where the 
client 300 corresponds to the client of the present claim, the server 310 corresponds to 
the third party of the present claim, and private key system 330 corresponds to the 
authorizer of the present claim; see also column 11, line 37-column 12, line 11). 
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In reference to Claims 2 and 3, McGarvey further discloses providing a short- 
term use certificate to the third party (column 12, lines 30-35; column 8, lines 8-13). 

In reference to Claim 4, McGarvey further discloses authenticating the authorizer 
upon accessing the URI (column 11, lines 60-61). 

In reference to Claims 5 and 6, McGarvey further discloses limiting and tracking 
the third party's use of the first certificate (column 8, lines 8-13). 

In reference to Claim 7, McGarvey further discloses that the contents of the first 
certificate are not revealed to the third party (see column 1 1 , lines 42-46). 

In reference to Claim 8, McGarvey further discloses that the first certificate can 
be revoked (see column 12, lines 30-36). 

In reference to Claim 9, McGarvey discloses a computer-implemented method 
including a client receiving a first certificate from an authorize, the client generating a 
URI associated with the first certificate and a third party, the client providing a second 
certificate and the URI to the third party (see column 12, lines 22-26), and the client 
providing the first certificate to the authorizer upon the authorizer accessing the URI 
after the third party has provided the second certificate and URI to the authorizer (see 
Figures 3 and 8, where the client 300 corresponds to the client of the present claim, the 
server 310 corresponds to the third party of the present claim, and private key system 
330 corresponds to the authorizer of the present claim; see also column 1 1 , line 37- 
column 12, line 11). 
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In reference to Claim 12, McGarvey further discloses that the third party is 
granted access to a resource of the authorizer (column 8, lines 4-19). 

In reference to Claim 13, McGarvey further discloses tracking a use of the 
second certificate (column 8, lines 8-13). 

In reference to Claim 14, McGarvey further discloses that the second certificate 
can be revoked (column 8, lines 10-13; column 12, lines 30-36). 

Claim Rejections - 35 USC § 103 

12. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

13. Claim 1 0 is rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
McGarvey in view of Eastlake et al, "XML-Signature Syntax and Processing". 

McGarvey discloses everything as applied above to Claim 9. However, 
McGarvey does not explicitly disclose the use of XML signatures. Eastlake discloses 
that XML signatures can be used to apply digital signatures to the content of resources 
that may be external to the signature itself (page 4, section 1.0, "Introduction"). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the system of McGarvey to include the use of XML 
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signatures, in order to provide integrity and message or signer authentication (see 
Eastlake, page 1 , Abstract). 

14. Claim 1 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
McGarvey in view of Ellison et al, "SPKI Certificate Theory". 

McGarvey discloses everything as applied above to Claim 9. However, 
McGarvey does not explicitly disclose the use of SPKI certificates. Ellison et al disclose 
that authorization certificates can be used to delegate authorizations (page 14, section 
4, "Delegation") and that SPKI certificates can be used to define an authorization 
certificate (page 13, section 3.3, "SPKI Certificates"). Therefore, it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to modify 
the systems and methods of McGarvey to include the use of SPKI certificates, in order 
to allow for authorizations to be delegated without needing to involve the owner of the 
resource concerned (see Ellison, page 14, section 4). 

Conclusion 

15. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Zachary A. Davis whose telephone number is (571) 272- 
3870. The examiner can normally be reached on weekdays 8:30-6:00, alternate 
Fridays off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's . 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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